Stories
Slash Boxes
Comments

SoylentNews is people

OpenSSL: Heartbleed - the Fallout.

posted by janrinok on Thursday April 10 2014, @09:45PM   Printer-friendly
from the security-is-important dept.

After reporting the problems with OpenSSL, which has been nicknamed 'HeartBleed', 2 contributors have forward articles on why you should change your passwords.

Heartbleed, and why you should change your password

I always believed Mojang would keep my details safe, now I realise they are not in control of their own data. Mojang/Minecraft passwords should be changed immediately

Heartbleed Bug: Change All Your Passwords

An anonymous coward writes:

The fallout from the Heartbleed bug is hitting the mainstream. The BBC has an article headlined "Public urged to reset all passwords".

Bruce Schneier calls it "catastrophic", giving this advice to sysadmins: "After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected." He also links to a webpage that will let you test servers for the bug, and an article on Ars Technica discussing the bug.

 
This discussion has been archived. No new comments can be posted.
OpenSSL: Heartbleed - the Fallout. | Log In/Create an Account | Top | 43 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Hairyfeet on Friday April 11 2014, @04:06AM

    by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Friday April 11 2014, @04:06AM (#29845) Journal

    Exactly HOW am I wrong? remember the "$5 wrench" comrade? Well thanks to Snowden we now know they don't even need a $5 wrench, they just need a side room at AT&T,Google,Yahoo, and pretty much every major ISP and terminal in the country. you might want to look up the telecom immunity blowup and what the whistleblower put out there about what is EXACTLY going on to see why they really don't need your keys, they can flash a badge and copy every single packet not to mention the contents of your emails or anything else they want, no pesky warrants required.

    Again if you want to do it to stop script kiddies? Go right ahead, but seeing as it'll take most big places a month or more to get switched probably not gonna help ATM but if you think its gonna stop big bro? Well there is a REASON why we say "if they have access to the hardware you've already lost" because once the hardware is compromised everything else is fucked. unless you are using a VPN to tunnel AND don't have the tunnel ending anywhere in the USA then you are just you are just playing security theater because some lackey at the NSA can push a button and see everything you've done going back years....why do you think they built that massive bunker datacenter in Utah, for fun? when you are blanket capturing THAT much data you gotta have some big ass boxes to pour through the stuff.

    --
    ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2